Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Upgrade to QuickTime 7.5 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Upgrade to QuickTime 7.5

Apple released earlier QuickTime 7.5, which a.o. fixes a number of security bugs.

Apple's security improvements include fixes for:

  • CVE-2008-1581: PICT images can lead to an heap overflow and code execution
  • CVE-2008-1582: AAC coded media can lead to code execution
  • CVE-2008-1583: PICT images can lead to an heap overflow and code execution
  • CVE-2008-1584: Indeo video codec can lead to a stack buffer overflow and code execution - note the fix: "This update addresses the issue by not rendering Indeo video codec content."
  • CVE-2008-1585: handling of file: URLs in QuickTime files could lead to an attacker controlled application launch and code execution - note the fix: "This update addresses the issue by revealing files in Finder or Windows Explorer rather than launching them."

--
Swa Frantzen -- Gorilla Security

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!